CVE-2006-0820 - Input Validation vulnerability in Gnome Dwarf Http Server 1.3.2
Metric | Value |
---|---|
Attack vector | NETWORK |
Attack complexity | MEDIUM |
Privileges required | NONE |
Confidentiality impact | NONE |
Integrity impact | PARTIAL |
Availability impact | NONE |
Summary
Cross-site scripting (XSS) vulnerability in Dwarf HTTP Server 1.3.2 allows remote attackers to inject arbitrary web script or HTML via unspecified error messages.
Vulnerable Configurations
Part | Description | Count |
---|---|---|
Application | | 1 |
Nessus
Field | Value |
---|---|
NASL family | CGI abuses |
NASL id | DWARF_HTTP_133.NASL |
description | The remote host is running Dwarf HTTP Server, a full-featured, Java-based web server. According to its banner, the version of Dwarf HTTP Server on the remote host reportedly fails to properly validate filename extensions in URLs. A remote attacker may be able to leverage this issue to disclose the source of scripts hosted by the affected application using specially crafted requests with dot, space, slash, and NULL characters. In addition, the web server also reportedly fails to sanitize requests before returning error pages, which can be exploited to conduct cross-site scripting attacks. |
last seen | 2020-06-01 |
modified | 2020-06-02 |
plugin id | 21092 |
published | 2006-03-17 |
reporter | This script is Copyright (C) 2006-2018 Tenable Network Security, Inc. |
source | https://www.tenable.com/plugins/nessus/21092 |
title | Dwarf HTTP Server < 1.3.3 Multiple Remote Vulnerabilities (XSS, Disc) |
References
- http://secunia.com/advisories/18962
- http://secunia.com/secunia_research/2006-13/advisory
- http://securitytracker.com/id?1015779
- http://www.osvdb.org/23837
- http://www.securityfocus.com/archive/1/427478/100/0/threaded
- http://www.securityfocus.com/bid/17123
- http://www.vupen.com/english/advisories/2006/0937
- https://exchange.xforce.ibmcloud.com/vulnerabilities/25179